Set IndexIgnore inside httpd.conf - apache

I want to prevent directory file listing in all of my folders, so when a user types http://example.com/thisDoesNotExists/, the directory file listing do not show up.
According to a tutorial all I have to do is set IndexIgnore *
I try to set it in the httpd.conf, so I do
<IfModule mod_autoindex>
IndexIgnore *
</IfModule>
at the bottom of the httpd.conf.
It does not work. I get my 404errorPage.html without any styles.
How can I fix this? Thanks.
Disclaimer : I try to set this in httpd.conf and not htaccess because "You should avoid using .htaccess files completely if you have access to httpd main server config file. Using .htaccess files slows down your Apache http server. Any directive that you can include in a .htaccess file is better set in a Directory block, as it will have the same effect with better performance." According to this.

Your <IfModule> argument is wrong so the enclosing directive is never evaluated. The argument either needs to be the modules name (you can see
this in the corresponding LoadModule) or the main source filename.
Both "autoindex_module" and "mod_autoindex.c" work.

Here is another way to do it:
You should edit /etc/httpd/conf/httpd.conf, find the code block with
<Directory "/var/www/html">
Options Index FollowSymLinks
</Directory>
You should remove the Index in there then restart your httpd service by
sudo service httpd restart

Related

How do I write an .htaccess file so that it can proxy images outside of the web root on an Apache server?

I want to proxy a bunch of images on my Apache server so that they are not stored in the webroot.
Specifically, I have all my images in the following folder on my Linux server:
/var/www/img/
However, I want it so that when a user goes to mydomain.com/img/img1.jpg (which has the server path /var/www/html/img/img1.jpg), it references the following file outside of the webroot:
/var/www/img/img1.jpg
It seems like this is possible using the ProxyPass and ProxyPassReverse rules in an .htaccess file (source: https://httpd.apache.org/docs/2.4/rewrite/avoid.html#proxy), but I'm having trouble understanding their syntax and which path goes where, etc.
Given my above situation, could someone please provide some explicit code that I can write into an .htaccess file to achieve what I want?
Edit: I just solved this problem by adding the following one line to my Apache httpd.conf file, and then restarting the server:
Alias "/img" "/var/www/img"
Where the /img part refers to the img directory in my webroot, and the /var/www/img part refers to the Linux filesystem directory I want to point to with the actual files in it.
Best way is to add a symbolic link to your other folder:
ln -s /my/target/folder /var/www/html/mynewfolder
If you can edit the Apache conf file for the server you need to add the FollowSymLinks directive in the directory block:
<Directory "/var/www/html/">
AllowOverride All
Options FollowSymLinks
</Directory>
You might also be able to add that to your .htaccess file as Options +FollowSymLinks if you can't edit the Apache file
You can try doing this with the PassThrough PT flag and mod_rewrite.
You create an alias to the actual path and then use it in the rule.
Alias "/img" "/var/www/img/"
RewriteRule "img/(.+)\.(jpe?g|gif|png)$" "/img/$1.$2" [PT]
See how that works for you.

Can't remove index.php without 404 error

I'm using Joomla 2.5 and Apache and I have followed this steps:
1- mod_rewrite module is eneabled? YES
2- htaccess.txt renamed to .htaccess
3- set "Use URL Rewriting" to YES.
And this is what I get:
Not Found
The requested URL /about-us was not found on this server.
The web is located in /var/www/
The .htaccess is located in /var/www/
And this is my .htaccess: http://pastebin.com/dq1TYs1t
Thanks for the help.
Since you said allowoverride was set to none, your .htaccess file will be ignored. You need to set allowoverride to all the other option is leave allowoverride at none, and take the contents of the .htaccess file and incorporate it into your apache configuration file. This has the benefit of being slightly faster as apache doesn't need to look in directory tree for .htaccess files (they are really good to allow users that don't have access to the configs the ability to override the base settings, but if you have access to /var/www you should also have access to make changes to the config files.
There is no need to enable any mod_rewrite module.
Need to enable URL rewriting option in global configuration. Also need to rename htaccess.txt file to .htaccess.
please check there is no any third party component of security like admin tools are enable or installed which is blocking this mod rewrite option.

Starting and accessing sessions using auto-prepend-file from .htaccess

I have been trying to use the 'auto-prepend-file' value to set a PHP script to be ran before every page from that directory. Currently, I'm destroying and creating a session, then setting a session variable.
But if I try to access session variables from a page, there is no value in them.
Can this value be prevented from being set in a .htaccess file?
Will the prepended script be ran when called for non-php pages aswell?
Can this value be prevented from being set in a .htaccess file?
It is possible to disable session cookies with a .htaccess file, but I doubt that's the real problem in your case. Are you sure the file is actually getting prepended at all? Try a more direct test, like adding die('The prepended file was executed.') to the file.
Will the prepended script be ran when called for non-php pages aswell?
The auto_prepend_file directive only applies to files parsed by PHP. In most server configurations that will only include .php files. However, you can use the AddHandler directive to make Apache execute PHP in other file types as well.
For example, if you use AddHandler to add .html as another file type that can contain PHP code, auto_prepend_file will also apply to .html files.
What ended up solving it for me was setting the "AllowOverride" directive on my Apache configuration file. In order to allow .htaccess privileges on given folder, you should have something like...
# Allow .htaccess settings
<Directory "/absolute/path/to/htaccessfolder">
AllowOverride Options
</Directory>
...on httpd.conf, which allows overriding option settings from the selected directory.

How to ignore .htaccess?

Is there a way to tell Apache to ignore other .htaccess files under current directory?
For example:
/web/.htaccess [this is parsed, I would like to define the rule here]
/web/uploads/.htaccess [this should be ignored]
In your main apache config, add the directive AllowOverride None.
This will prevent it from looking at .htaccess files.
For more info, see http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride

Do you have to restart apache to make re-write rules in the .htaccess take effect?

I have pushed my .htaccess files to the production severs, but they don't work. Would a restart be the next step, or should I check something else.
A restart is not required for changes to .htaccess. Something else is wrong.
Make sure your .htaccess includes the statement
RewriteEngine on
which is required even if it's also present in httpd.conf. Also check that .htaccess is readable by the httpd process.
Check the error_log - it will tell you of any errors in .htaccess if it's being used.
Putting an intentional syntax error in .htaccess is a good check to make sure the file is being used -- you should get a 500 error on any page in the same directory.
Lastly, you can enable a rewrite log using commands like the following in your httpd.conf:
RewriteLog "logs/rewritelog"
RewriteLogLevel 7
The log file thus generated will give you the gory detail of which rewrite rules matched and how they were handled.
No:
Apache allows for decentralized management of configuration via special files placed inside the web tree. The special files are usually called .htaccess, but any name can be specified in the AccessFileName directive... Since .htaccess files are read on every request, changes made in these files take immediate effect...
From the apache documentation:
Most commonly, the problem is that AllowOverride is not set such that your configuration directives are being honored. Make sure that you don't have a AllowOverride None in effect for the file scope in question. A good test for this is to put garbage in your .htaccess file and reload. If a server error is not generated, then you almost certainly have AllowOverride None in effect.
Only if you have not added the mod_rewrite module to Apache.
You only need to restart Apache if you change any Apache ".conf" files.
I have the same issue and it seems PiedPiper post about AllowOverride were most helpful. Check your httpd.conf file for "AllowOverride" and make sure it is set to All.
In case of .htaccess restart is not required if it is not working probable reasons include.
AllowOverride May not be set which user can set inside httpd.conf or might have to contact server admin.
Check the file name of .htaccess it should be .htaccess not htaccess.txt see here for guide how to create one.
Try to use Options -Indexes or deny all kind of simple directive to see if it is working or not.
clear browser cache everytime if having rule for redirects or similar if previous redirect is cached it appears as if things are not working.
What's in your .htaccess? RewriteRules? Check that mod_rewrite is installed and enabled.
Other stuff? Try setting AllowOverride to 'all' on that directory.